package cn.kill.config;

import cn.jbit.entity.User;
import cn.kill.service.impl.LoginServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;

import javax.sql.DataSource;

/**
 * 源码学院只为培养优秀的bat程序员而生
 *
 * @author 学员张在成
 * @data 2021/6/20
 */
@Configuration
@EnableAuthorizationServer
public class KillAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private AuthenticationManager authorizationManagerBean;

    @Autowired
    private LoginServiceImpl  loginService;

    //配置授权服务器存储第三方客户端的信息，基于DB存储
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        User user=new User();
        //配置授权服务器存储第三方客户端信息，基于内存存储
        clients.inMemory()
                .withClient("client")
                .secret(passwordEncoder.encode(user.getPassword()))
                .authorizedGrantTypes("grant")
                .accessTokenValiditySeconds(30)
                .refreshTokenValiditySeconds(30)
                .redirectUris("www.baidu.com")
                .scopes("all")
                .authorizedGrantTypes("authorization_code","password","refresh_code");

        //配置授权服务器存储第三方客户端信息，基于DB存储
        //clients.withClientDetails(clientDetailsService());
    }

//    @Bean
//    public ClientDetailsService clientDetailsService(){
//        return  new JdbcClientDetailsService(dataSource);
//    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {

        //使用密码模式需要配置
        endpoints.authenticationManager(authorizationManagerBean)
                .reuseRefreshTokens(false)   //token是否重复使用
                .userDetailsService(loginService)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET,HttpMethod.POST);

    }

    //授权服务器安全配置
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {

        //第三方客户端校验token需要带入clientId和clientSecret
        security.checkTokenAccess("isAuthenticated()")
                .tokenKeyAccess("isAuthenticated()"); //来获取我们的tokenKey带入clientId和clientSecret

        //设置允许表单验证
         security.allowFormAuthenticationForClients();

    }



}
